Created attachment 161914 [details] svn diff for sysutils/webjob webjob will not build if OpenSSL was built without SSLv3 (--no-ssl3). LibreSSL 2.3.0 has removed SSLv3 support completely. - Fix build without SSLv3
Created attachment 161915 [details] svn diff for sysutils/webjob
Can you provide these patches as a single diffs against the port head. please You can create the files/ patches using `make makepatch` after modifying the original source files using your individual patches.
Patch being reviewed/tested. Will post an update once that is done.
I was not able to replicate the issue, so some additional feedback is required. More specifically, I would like to know the exact build environment and steps needed to reproduce the build failure. My build environment was a fresh install of FreeBSD 10.2. For the openssl port, I ran 'make config' and disabled SSLv2/3 protocol support. Next, I disabled the base version of openssl by adding 'WITH_OPENSSL_PORT=yes' to /etc/make.conf. Finally, I built an webjob with 'make NO_STATIC=1'. The result was a successful build. The following output shows that webjob was linked against the openssl port (as opposed to the base version): # /usr/bin/openssl version OpenSSL 1.0.1p-freebsd 9 Jul 2015 # /usr/local/bin/openssl version OpenSSL 1.0.2d 9 Jul 2015 # webjob -v webjob 1.9.0 64-bit dsv,ssl(1.0.2d) # ldd /usr/local/bin/webjob /usr/local/bin/webjob: libssl.so.8 => /usr/local/lib/libssl.so.8 (0x80083d000) libcrypto.so.8 => /usr/local/lib/libcrypto.so.8 (0x800aa7000) libc.so.7 => /lib/libc.so.7 (0x800eb3000) libthr.so.3 => /lib/libthr.so.3 (0x80125f000)
Created attachment 165517 [details] Disables flawed SSL protocols The patches for ssl.c (one for webjob and one for webjob-dsvtool) disable SSLv2, SSLv3, TLSv1, and TLSv1_1.
Hi Klayton, I think you'll need ifdef guards around the SSL_OP_NO_* as well, I've seen failures when these are used when the libraries don't provide them. Probably a guard around SSL_OP_NO_TLSv1_1 may still be required for FreeBSD 9.3's OpenSSL 0.9.8. From LibreSSL-devel's /usr/local/include/openssl/ssl.h #define SSL_OP_NO_SSLv3 0x0 In contrast, openssl's /usr/local/include/openssl/ssl.h # define SSL_OP_NO_SSLv2 0x01000000L Beware, these errors were triggered in the ports builder of PC-BSD which builds with LibreSSL Cheers, Bernard.
Created attachment 165527 [details] Disables flawed SSL protocols
Created attachment 165531 [details] Disables flawed SSL protocols
A commit references this bug: Author: brnrd Date: Sun Jun 12 18:18:31 UTC 2016 New revision: 416817 URL: https://svnweb.freebsd.org/changeset/ports/416817 Log: sysutils/webjob: Fix build without SSLv2 PR: 203701 Sponsored by: BSDCan 2016 Changes: head/sysutils/webjob/files/ head/sysutils/webjob/files/patch-src_ssl.c head/sysutils/webjob/files/patch-tools_webjob-dsvtool_ssl.c